Skillset

As the year 2013 draws to a close, we decided to make some predictions for the most popular Security Trends in 2014. Here is what we think are the major points that will determine the determine the Security Landscape in the coming year.

Big Boom in Mobile Security

Security is catching up to mobile fast. We are in the post PC revolution and with the rise in the number of people using Smartphones, most of the information that we have is available to us anytime in the palm of our hand. In 2014, we will see a big rise in mobile security awareness among developers as well as the number of mobile threats and malwares. A number of new mobile security analysis tools will be launched and frameworks like Metasploit would also be added with a number of exploits for mobile operating systems. Mobile Developers will start realizing the fact that their applications are not secure and will begin taking precautions to prevent their applications from being exploited. Every company dealing with security will try to make use of this window and try to emerge as the leaders in the mobile security domain. We will also see a number of certifications being launched by companies with specific focus on Mobile Security.

Attacks on Bitcoin

Bitcoins are becoming popular for a quick and easy way of payment. In the coming years, we will see malwares that specifically target the Bitcoin wallets of users. This is more effective because once the coins are stolen, they can be used instantly or even cashed out with full anonymity.

Services which provide anonymity will be in demand

As the normal user becomes more and more concerned about what they do online because of the intelligence agencies that keep an eye on everything they do, the use of services that provide more anonymity will become more popular among regular users. Services like Tor and VPN service providers will see a great increase in demand. New encryption mechanisms will also be used to encrypt data.

Concept of a Parallel Internet

The concept of a parallel internet has been around since some time now. In the past, concerns have been raised over whether Internet censorship is the answer to defend against scenarios that could generate online piracy. This issue has become so prominent because popular sites like Google and Facebook allows users to share information without bearing responsibility for the content posted. Project Meshnet (originally called the Darknet) was born out of concerns over censorship and is aimed at setting up an open, decentralized, and censorship free Internet. This architecture makes mesh topology completely decentralized, (i.e. without any centralized authority) thus making it impossible to censor any form of data. In 2014, we will see an increase in the use of such parallel networks.

Another reason for this fragmentation of the internet could be for the safety of the users. In the coming years, we might see some countries opting to have a separate “parallel” internet that keeps a check on everything the user does and does not allow anonymity at all. This will however be against the will of some users though. Some countries like China are already doing a similar kind of a thing and we will see this practice being followed by other nations or organizations as well in the coming year.

Personal attacks become more and more common and more and more personal

We will definitely see a rise in the trend where the cyber attacks are not directed at organizations but at individuals. Social Engineering attacks are definitely going to get some heat in the coming year as the hacker realizes that an individual is much more vulnerable. Attacks at individuals working at an organization will also be a good medium to get some confidential data about the organization. This could include getting the source code of a product before it is released, stealing information about the companies customers etc.

Attacks on Cloud Storage Providers

These days, we store a lot of our information in the cloud using services like Dropbox, Google Drive etc. There have also been some claims made that companies like Dropbox store our information in an unencrypted format on their servers. As more and more companies start relying on these services to store data and to exchange data between their employees, a successful attack on these service providers could turn up a lot of information for the hacker. In 2014, we are going to see dedicated attacks on these Cloud Service Providers. Expect atleast one major and succesful attack !!

Hello Smartwatch !

With the launch of the Samsung Galaxy Gear, Sony’s smartwatch and with predictions that Apple is going to launch their own iWatch in the second half of 2014, developers will have one more device to build apps for. Just like any other products, these smartwatches are going to have some very common vulnerabilities that will be discovered by hackers. Even though i don’t expect a lot of smartwatch malwares, but we will definitely see some attacks against these smartwatches.

More Advanced Malwares

The standards are surely going to increase in 2014. Malwares will be more intrusive yet less easily detectable. Companies dealing with malware threats will have more and more work to do as these malwares become more advanced and stealthy. Expect a large increase in the number of mobile malwares.

Prateek Gianchandani, a recent IIT graduate, has interests in the field of Penetration Testing, Web Application Security and Intrusion Detection. He is currently a researcher for InfoSec Institute. In the past he has worked for security-based startups.
You can contact him at prateek.searchingeye@gmail.com and on twitter @prateekg147 or you can visit his personal website at highaltitudehacks.com

About InfoSec

InfoSec Institute is the best source for high quality information security training. We have been training Information Security and IT Professionals since 1998 with a diverse lineup of relevant training courses. In the past 16 years, over 50,000 individuals have trusted InfoSec Institute for their professional development needs!

Join our newsletter

File download

First Name

Last Name

Work Phone Number

Work Email Address

Job Title

How will you fund your training?

Why Take This Training?

What is your timeline for training?

InfoSec institute respects your privacy and will never use your personal information for anything other than to notify you of your requested course pricing. We will never sell your information to third parties. You will not be spammed.

Comments

What is Skillset?

Skillset

Practice tests & assessments.

Practice for certification success with the Skillset library of over 100,000 practice test questions. We analyze your responses and can determine when you are ready to sit for the test. Along your journey to exam readiness, we will:

1. Determine which required skills your knowledge is sufficient
2. Which required skills you need to work on
3. Recommend specific skills to practice on next
4. Track your progress towards a certification exam